[18767] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: BugTraq: EFS Win 2000 flaw

daemon@ATHENA.MIT.EDU (Timothy J. Miller)
Tue Jan 23 19:36:04 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <87vgr6q7e7.fsf@zoot.kelly.aftd.af.mil>
Date:         Tue, 23 Jan 2001 15:35:12 -0600
Reply-To: "Timothy J. Miller" <cerebus@SACKHEADS.ORG>
From: "Timothy J. Miller" <cerebus@SACKHEADS.ORG>
X-To:         Dan Kaminsky <dankamin@CISCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <017c01c084d0$7a40e070$496545ab@na.cisco.com>

Dan Kaminsky <dankamin@CISCO.COM> writes:

>                                                          That means no
> decryption keys ever get written, no passwords get saved, and most
> importantly, *no plaintext data gets stored, not even "temporarily"*.

Interestingly, when a system hibernates everything in memory goes to
disk (into the hiber file or partition)-- and this includes the
sensitive data that the LSA holds that is not normally swapped out:
keypairs, kerberos tickets and encrypted files.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[18767] in bugtraq

Re: BugTraq: EFS Win 2000 flaw

daemon@ATHENA.MIT.EDU (Timothy J. Miller)Tue Jan 23 19:36:04 2001

daemon@ATHENA.MIT.EDU (Timothy J. Miller)
Tue Jan 23 19:36:04 2001